Towards an Efficient Log Data Protection in Software Systems through Data Minimization and Anonymization
|Title:||Towards an Efficient Log Data Protection in Software Systems through Data Minimization and Anonymization||Authors:||Portillo Dominguez, Andres Omar; Ayala-Rivera, Vanessa||Permanent link:||http://hdl.handle.net/10197/12346||Date:||25-Oct-2019||Online since:||2021-07-23T15:47:20Z||Abstract:||IT infrastructures of companies generate large amounts of log data every day. These logs are typically analyzed by software engineers to gain insights about activities occurring within a company (e.g., to debug issues exhibited by the production systems). To facilitate this process, log data management is often outsourced to cloud providers. However, logs may contain information that is sensitive by nature and considered personal identifiable under most of the new privacy protection laws, such as the European General Data Protection Regulation (GDPR). To ensure that companies do not violate regulatory compliance, they must adopt, in their software systems, appropriate data protection measures. Such privacy protection laws also promote the use of anonymization techniques as possible mechanisms to operationalize data protection. However, companies struggle to put anonymization in practice due to the lack of integrated, intuitive, and easy-to-use tools that accommodate effectively with their log management systems. In this paper, we propose an automatic approach (SafeLog) to filter out information and anonymize log streams to safeguard the confidentiality of sensitive data and prevent its exposure and misuse from third parties. Our results show that atomic anonymization operations can be effectively applied to log streams to preserve the confidentiality of information, while still allowing to conduct different types of analysis tasks such as users behavior, and anomaly detection. Our approach also reduces the amount of data sent to cloud vendors, hence decreasing the financial costs and the risk of overexposing information.||Type of material:||Conference Publication||Publisher:||IEEE||Copyright (published version):||2019 IEEE||Keywords:||Data privacy; Data protection; Software engineering||DOI:||10.1109/conisoft.2019.00024||Other versions:||http://conisoft.org/2019/||Language:||en||Status of Item:||Peer reviewed||Is part of:||Juárez-Ramírez, R., Fernández y Fernández, C., Jiménez, S., Ramírez-Noriega, A., Pérez González, H., Licea Sandoval, G., Guerra-García, C. (eds.). 2019 7th International Conference in Software Engineering Research and Innovation (CONISOFT), Mexico City, Mexico, 23-25 October 2019: Proceedings||Conference Details:||The 2019 7th International Conference in Software Engineering Research and Innovation (CONISOFT), Mexico City, Mexico, 23 -25 October 2019||ISBN:||978-1-7281-2524-4||This item is made available under a Creative Commons License:||https://creativecommons.org/licenses/by-nc-nd/3.0/ie/|
|Appears in Collections:||Computer Science Research Collection|
Show full item record
If you are a publisher or author and have copyright concerns for any item, please email firstname.lastname@example.org and the item will be withdrawn immediately. The author or person responsible for depositing the article will be contacted within one business day.